4 ike phases, Figure 19 two phases to set up the ipsec sa – ZyXEL Communications ZyXEL ZyWALL 35 User Manual

ZyWALL 35 User’s Guide

86

Chapter 3 Wizard Setup

3.4.4 IKE Phases

There are two phases to every IKE (Internet Key Exchange) negotiation – phase 1
(Authentication) and phase 2 (Key Exchange). A phase 1 exchange establishes an IKE SA and
the second one uses that SA to negotiate SAs for IPSec.

Figure 19 Two Phases to Set Up the IPSec SA

In phase 1 you must:

• Choose a negotiation mode.
• Authenticate the connection by entering a pre-shared key.
• Choose an encryption algorithm.
• Choose an authentication algorithm.
• Choose a Diffie-Hellman public-key cryptography key group (DH1 or DH2).

Starting IP

Address

When the Remote Network field is configured to Single, enter a (static) IP address

on the network behind the remote IPSec router. When the Remote Network field is

configured to Range IP, enter the beginning (static) IP address, in a range of

computers on the network behind the remote IPSec router. When the Remote

Network field is configured to Subnet, enter a (static) IP address on the network

behind the remote IPSec router

Ending IP

Address/

Subnet Mask

When the Remote Network field is configured to Single, this field is N/A. When the

Remote Network field is configured to Range IP, enter the end (static) IP address, in

a range of computers on the network behind the remote IPSec router. When the

Remote Network field is configured to Subnet, enter a subnet mask on the network

behind the remote IPSec router.

Back

Click Back to return to the previous screen.

Next

Click Next to continue.

Table 17 VPN Wizard : Network Setting

LABEL

DESCRIPTION